The official Twitter account of crypto exchange KuCoin has recently been compromised, leading to users losing their funds to a fake giveaway event. The crypto platform promised to reimburse the funds lost from the incident.
1/ The @kucoincom handle was compromised for about 45 mins from 00:00 Apr 24 (UTC+2). A fake activity was posted and unfortunately led to asset losses for several users. KuCoin will fully reimburse all verified asset losses caused by the social media breach and the fake activity.— KuCoin (@kucoincom) April 24, 2023
In an announcement, KuCoin confirmed that its Twitter was compromised for almost an hour on April 24, 8:00 am Eastern Time. According to the exchange, the attackers posted a fake activity to lure KuCoin users into thinking that they were participating in an official event. So far, the exchange has identified 22 transactions that were involved in the incident and pledged that it would reimburse the victims.
The company urged victims to contact them for assistance and promised to implement better security measures to prevent similar incidents in the future. The firm also said that it’s collaborating with Twitter in conducting further investigations to look into the incident.
One community member who claimed to be a victim said that they were the first to join the fake activity. According to the KuCoin user, the exchange makes campaigns that are similar to the tweet posted by the attackers. The Twitter users also said that it was a good thing that the exchange was able to respond to the attack very quickly.
Related: Hack negotiations: Why platforms with ineffective bounty programs pay a higher price
Taking over exchanges' official Twitter accounts to promote scams is becoming one of the go-to strategies for hackers in the space. In September 2022, crypto exchange CoinDCX’s Twitter account was compromised and was seen promoting fake XRP advertisements. On Jan. 25, hackers took over the Twitter account of trading platform Robinhood and promoted a crypto token.
Apart from crypto exchanges, the modus operandi also extends to other parts of Web3, such as the nonfungible token (NFT) space. On Jan. 28, NFT project Azuki's Twitter account was taken over by hackers, resulting in losses of $758,000 in just 30 minutes.
Magazine: US enforcement agencies are turning up the heat on crypto-related crime